Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak Default SSL use in Port Forwarding Service
Vulnerability Description
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
在会话协商时选择低安全性的算法(算法降级)
Vulnerability Title
Western Digital My Cloud 安全漏洞
Vulnerability Description
Western Digital My Cloud是美国西部数据(Western Digital)公司的一款个人云存储设备。 Western Digital My Cloud Web App存在安全漏洞。攻击者利用该漏洞危害传输信息的完整性、机密性和真实性。
CVSS Information
N/A
Vulnerability Type
N/A